Log from #iptables at freenode 2006-08-09
[00:00]<fyguw_drgau>lemme check it out
[00:00]<vadaz>linux_manju, np
[00:01]<lynnrxnrm>basically if i had some way to have my traffic source from whatever subinterface of my choice I wouldn't need to look into doing it with iptables at all but that's my problem
[00:02]<fyguw_drgau>pizzahead: As i understand .. you are trying to PAT a single public IP to multiple destination IPs
[00:04]<fyguw_drgau>tcmjr: Looks good.. But...
[00:04]<fyguw_drgau>tcmjr: I don't see any packets hitting the target.. do you have any rules in the FORWARD chain
[00:05]<fyguw_drgau>tcmjr: iptables -L FORWARD -nv > to textfile again :)
[00:05]<vadaz>Ok
[00:06]<lynnrxnrm>linux_manu: yes but it's not even public, it's still internal traffic
[00:07]<lynnrxnrm>linux_manu: so i figured if i could some way declare the maximum port translations i could utilize a large block of IPs
[00:07]<lynnrxnrm>max port translations per ip in the pool
[00:07]<lynnrxnrm>if i can do that then i can just run my benchmark with a lot of threads and hopefully use as many ips as possible
[00:08]<vadaz>linux_manju, sent
[00:09]<fyguw_drgau>tcmjr: try this in a terminal.. and see if that works...
[00:10]<fyguw_drgau>tcmjr: iptables -t nat -I POSTROUTING -s <your LAN network/mask> -o ppp0 -j MASQUERADE
[00:10]<vadaz>hum i see a problem, my nics are eth0 and eth1, they're showing as eth1 and eth2
[00:11]<vadaz>linux_manju, do I have to erase any old config ?
[00:11]<fyguw_drgau>Nope try as it is.. and
[00:12]<fyguw_drgau>tcmjr: add this rule as well... iptables -I FORWARD -s <yourLAN network/mask> -d 0.0.0.0/0 -j ACCEPT
[00:12]<fyguw_drgau>tcmjr: Yup your interfaces are showing wrongly here..
[00:12]<lynnrxnrm>linux_manju: do you think what I want to do is possible? is the flexibility there?
[00:13]<fyguw_drgau>pizzahead: I am sorry pal.. Could not help you..
[00:14]<lynnrxnrm>heh
[00:14]<vadaz>linux_manju, yourlannetwork should be <255.255.255.0> ? just the mask or the ip of the card too ?
[00:14]<fyguw_drgau>tcmjr: lets say if you have a PC 192.168.1.10 and the mask is 255.255.255.0.. you will have to specify..
[00:15]<fyguw_drgau>192.168.1.0/24
[00:15]<fyguw_drgau>as your network
[00:15]<fyguw_drgau>without < and > of course :)
[00:15]<fyguw_drgau>for eg..
[00:16]<fyguw_drgau>tcmjr: add this rule as well... iptables -I FORWARD -s 192.168.1.0/24 -d 0.0.0.0/0 -j ACCEPT
[00:16]<fyguw_drgau>tcmjr: iptables -t nat -I POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE
[00:17]<vadaz>ok, do i need the ppp0 ?
[00:17]<vadaz>i'm not connected to a ppp interface, i have a static address from a cisco router
[00:17]<fyguw_drgau>tcmjr: what is the interface connected to the public network
[00:18]<fyguw_drgau>tcmjr: damn.. no wonder it's not working
[00:18]<fyguw_drgau>tcmjr: I thought it's a ppp0 interface
[00:18]<fyguw_drgau>what is your setup.. eth0 --> internet eth1 LAN?
[00:19]<vadaz>I have the eth0 configured to 192.168.0.4 (cisco as gw 192.168.0.1) and eth1 configured to 192.168.1.1
[00:19]<fyguw_drgau>tcmjr: what is the clients IP address
[00:20]<vadaz>cisco is connected to eth0 and eth1 to rest of the network
[00:20]<fyguw_drgau>192.168.1.0/24?
[00:20]<fyguw_drgau>ok try this..
[00:20]<vadaz>the clients right now are using 192.168.0.X direct to the cisco, but I have a test machine right now configured the GW to 192.168.1.10
[00:21]<vadaz>oops, GW to 192.168.1.1 (the linux box) the client is .1.10
[00:21]<fyguw_drgau>iptables -A FORWARD -s 192.168.1.0/24 -d 0.0.0.0/0 -j ACCEPT
[00:21]<fyguw_drgau>oops
[00:21]<fyguw_drgau>iptables -I FORWARD -s 192.168.1.0/24 -d 0.0.0.0/0 -j ACCEPT
[00:22]<fyguw_drgau>the second one is the right one
[00:22]<vadaz>ok, done that
[00:23]<fyguw_drgau>iptables -t nat -I POSTROUTING -s 192.168.1.0/24 -d 0.0.0.0/0 -j SNAT --to 192.168.0.4
[00:23]<fyguw_drgau>and try to access the internet from the client
[00:24]<vadaz>ok hang on
[00:27]<vadaz>Wow, i think it's working
[00:27]<vadaz>any way to check on the server the connection to it ?
[00:28]<fyguw_drgau>tcmjr: what??
[00:28]<vadaz>or anything else i should do to save those settings
[00:28]<fyguw_drgau>connection to what
[00:28]<vadaz>The client machine is connecting to the internet.
[00:28]<vadaz>using the linux machine as /gw
[00:29]<vadaz>Any way to check on the linux box if the user is really connecting through it ?
[00:29]<fyguw_drgau>yup
[00:30]<fyguw_drgau>run tcpdump -nei eth1 host 192.168.1.10
[00:30]<fyguw_drgau>replace 192.168.1.10 with your client's ip address
[00:32]<vadaz>is this the right rule to redirect http traffic to squid so I can run it transparent ?
[00:32]<vadaz>-t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
[00:32]<tdbnzr>tcmjr: iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 32777 #Squid
[00:33]<tdbnzr>Ops.
[00:33]<tdbnzr>Yes, Looks right.
[00:33]<vadaz>i just need to change the --to-port to my squid port (3128 default)
[00:34]<vadaz>the eth should be the one connected to the network or the internet ?
[00:34]<tdbnzr>Internal
[00:38]<vadaz>linux_manju, I love you !
[00:40]<vadaz>Now how do I save those magic settings ?
[00:41]<vyrn-vnzsr>tcmjr: gentoo?
[00:41]<drwygn>well, gentoo is a decent Linux distro, but lacks the fine German quality of SuSE. or better then Ubuntu
[00:41]<vadaz>yeah
[00:41]<vyrn-vnzsr>/etc/init.d/iptables save
[00:42]<vadaz>Me and a friend here at work did a little competition, I'm trying to set up those things on gentoo and he is doing it on ubuntu ...
[00:42]<vadaz>Guess who is winning :P
[00:42]<vadaz>and sudo makes me crazy
[00:43]<vzrllysv>tcmjr: set yourself up as a NOPASSWD sudoer
[00:43]<vadaz>I'm not really touching ubuntu, i'm very happy with gentoo right now.
[00:43]<vyrn-vnzsr>tcmjr: yeah, but you don't have to sudo every freaking thing in Ubuntu, but we won't tell your friend that ;)
[00:44]<vadaz>What was/is killing me was my lack of deep knowledge of linux
[00:44]<vadaz>Our network is/was mostly windows based.
[00:45]<vadaz>From the previous people that worked here ... But I decided to dive into the linux world.
[00:45]<vadaz>setting squid was fine, now with the help of linux_manju looks like iptables for NAT is great
[00:45]<vadaz>Now I will configure squid for transparent proxy
[00:46]<vyrn-vnzsr>right on, freeing yourself from the licensing hell that is MS feels good huh.
[00:46]<tdbnzr>tcmjr: So, Now _everyone_ can use your squid. ;)
[00:46]<vadaz>Then I just need to find out how to do samba+ldap for pdc and I can crush this old NT4 PDC box
[00:47]<vadaz>TmBerg, at least looks like I configure squid to only allow inside network access :D
[00:47]<vadaz>*configured
[00:51]<igku2us>linux_ma1ju: can you test for me now?
[00:53]<vyrn-vnzsr>InKubus: wrong nick me thinks, --> linux_manju has quit (Read error: 60 (Operation timed out))
[00:53]<igku2us>ah, harsh
[00:53]<igku2us>he did join before the nick timed out though
[00:54]<igku2us>so maybe it's just cause his nick was in use
[00:54]<tdbnzr>tcmjr: Which version of squid are you setting up?